Internet Safety (part 1)

(Internet Safety Part Two)

Introduction

Like any other place in a fallen world, the internet is not safe. That is, you should no more allow a child to roam the internet unsupervised than you should drop him off in Times Square and tell him to have fun and meet you in three hours. There are pitfalls, and there are evil people who are probably more cunning than he is.

On the other hand, there are such people and places in your neighborhood, too, and you wouldn’t refuse to let a child out of the house just because the world is a dangerous place. There are things he needs that you can’t provide if he never goes outside. Much of parenting and teaching is the careful balancing of risk and reward, of danger and duty.

The internet is just like your neighborhood, only bigger. Yes, there are dangers, and we need to approach them responsibly. But supervised exposure to the internet, even for very young children, is too valuable to avoid simply out of fear. The internet provides free or nearly free access to virtually limitless information resources and allows communication at a capacity and speed unimaginable a generation ago.

So how do we access the internet responsibly? The first step, obviously, is to be aware of the dangers; the second is to take steps to minimize, if not eliminate, the risk. The internet comes with two types of dangers: technical dangers to your computer system, and dangers to your person.

Technical Dangers

Spam

Spam is unsolicited e-mail; the term is usually more narrowly applied to unsolicited commercial e-mail. Spammers get your e-mail address from any public place; the simplest way is to "harvest" addresses from directories of users in ISPs (internet service providers), such as AOL, or from public forums such as eBay. If you use such services, you will be spammed.

It’s possible to get a free e-mail address that you don’t intend to use for actual communication and do your public business (say, at eBay) with that address. Free e-mail accounts are available from Yahoo (http://mail.yahoo.com/), Google (http://mail.google.com/), Hotmail (http://mail.hotmail.com/), and other sources. You can then carry on your actual e-mail correspondence with an account from an ISP that doesn’t publicly post its directory.

Still, it’s difficult to avoid any public use of your e-mail address; the only practical solution is to use e-mail filtering software. Most ISPs provide some sort of spam filtering capability in their e-mail programs. Similarly, providers of the free e-mail accounts listed above provide a way to "report" spam so that your account will get smarter and smarter over time at filtering out messages you don’t want to receive.

To get even better protection, you can buy a separate spam-filtering software package to install on top of your e-mail. For a recent review of such packages, see http://spam-filter-review.toptenreviews.com/.

Spam will always be with us. Laws aren’t likely to help; much current spam is blatantly violating existing laws, and even though the illegal spam almost always includes a way to reach the perperpetrator, spammers are rarely if ever prosecuted. Filtering appears to be the only recourse for the time being.

Pop-up Ads

A founding concept of the internet is that "information wants to be free."1 Some websites have tried to charge for access to their content; with the exception of pornography sites, few have been successful. Thus, many websites try to make money by selling advertising. They have a right to do that, and if you want their content badly enough, you’ll keep going back even though the ads annoy you. The favorite ad style for the moment appears to be the "pop-up" ad, which opens a new window showing the ad, usually on top of the window you really want to see.

Software is available to block these pop-ups. One free solution that works reasonably well is the Google toolbar (http://toolbar.google.com/). A number of other programs offer pop-up blocking as well; search on "pop-up blockers" at Google.

Spyware

Spyware is software that sits quietly on your computer and does things you don’t know about. Typically it comes as part of a "free" software package you download from the web. The benefit the company gets, and the reason it gives you the game or the utility "free," is that the spyware communicates back to the publishers whenever you’re online, passing along information that the publisher deems useful. Aside from the serious privacy implications that spyware raises, it also slows down the performance of your computer, whether or not you’re online.

In some cases, the program is useful enough that you’re willing to put up with the module running in the background. A couple of games on my home computer, for example, are favorites of my children, and I don’t mind the minor effect on performance. But in most cases you don’t care that much about the program, and you’d just as soon dump the spyware.

There are a good many spyware blockers and cleaners available. One that works well, and is available for free trial and any voluntary donation, is Spybot Search and Destroy (http://www.safer-networking.org/). Updated data files are regularly available for free download. For other options, search for "spyware blockers" on Google.

Viruses

The term viruses is now generally used to refer to a number of malicious programs that do nasty things to your computer system; technically, computer technicians distinguish among viruses, worms, and Trojan horses2, but the distinction is not important for lay users.

Viruses get onto your computer when you either download them (from the Internet or a disk) or receive them via e-mail. The key to preventing their arrival is to download only from trusted sources and to open attachments to emails only if you are sure they are safe. But knowing that can be difficult; many viruses e-mail themselves to everyone in the address book on the computer they’ve infected, so the fact that the email is from someone you know is no guarantee that the attachment is safe.

The best solution is to buy and install a good virus protection program. The best ones are reasonably priced, and the dangers to your system from being unprotected are significant, so don’t try to cut corners on this. The standard antivirus programs are Symantec AntiVirus (http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=is&pvid=nav2006) and McAfee VirusScan (http://us.mcafee.com/root/package.asp ?pkgid=100&cid=16269). (Incidentally, both companies also sell programs that combine several of the technical security protections discussed above; see Symantec’s Internet Security [http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=is&pvid=nis2006] and McAfee’s Internet Security Suite [http://us.mcafee.com/root/package.asp?pkgid=144&cid=17936].) For other recommended antivirus software, see http://antivirus.about.com/.

For information on specific viruses, see libraries at Symantec (http://www.symantec.com/avcenter/global/vinfodb.html) and McAfee (http://vil.nai.com/vil/default.aspx).

Hackers

Hackers are computer users that break into systems where they are not authorized.3 It’s not very likely that a hacker will seek access to your personal computer to access information on its hard drive, although that’s possible. More likely, a hacker will attempt to take control of your computer so that he can send out spam from it, thereby hiding his identity from those who receive the spam. (It will look like your computer sent it, because it did.)

The solution to hackers is called a firewall. Many firewalls for home computers are available (search for "firewall" on Google), but I like the one from Zone Labs (http://www.zonelabs.com/), because it works well and there’s a free version.

Personal Dangers

There are several kinds of danger on the internet that can harm you personally. We’ll discuss four: sexual predators; violations of privacy, including identity theft; false information; and objectionable websites.

Sexual Predators

It’s a truism on the Internet that "nobody knows you’re a dog"4 ; that is, you can pretend to be someone or something you’re not, and the person on the other end is none the wiser. As a result, there are multiple cases of sexual predators posing as children in Internet chat rooms, forums, and instant messaging sessions, establishing contact with a naïve child, acquiring personal information, and arranging a physical ("f2f," for "face to face") meeting for the purpose of sexual assault.

The best protection against such predators is privacy—that is, refusing to give out private identifying information. Children should be told never to give out, for example, the name of their town or school. Once a predator has that information, he can then ask, "What’s your uniform number on the soccer team?" and he has ample information to make physical contact.

It is possible for predators to obtain such information more indirectly, and occasionally a child will give out compromising information without any awareness that he has done so. The child should also be instructed, then, never to agree to meet anyone he has interacted with online, without his parent(s) present.

For more details, see the summary of the problem at http://www.crisisconnectioninc.org/sexualassault/internet_child_sexual_predators.htm. See also much helpful information at http://www.prevent-abuse-now.com/index.htm.

Violations of Privacy

A closely related issue is violation of privacy. In this case, we’re usually talking about adults, not children. Users should be aware that they may place information on their computers that can be communicated without their knowledge; for example, in early versions of most web browsers, the user could enter personal information that could be read by any website he visited. (More recent versions, such as Microsoft’s Internet Explorer 6, no longer provide that function.) Further, Internet "cookies," which websites use legitimately to personalize the user’s experience on the site, can give clues to where the user has been by storing that information on the user’s hard drive.5

In my experience, people who behave themselves rarely need to worry about such privacy violations; if you behave in private in such a way that you’re ashamed of nothing, then you risk nothing if those activities become public. But there are important exceptions to that principle, most obviously financial ones: if your Social Security number, financial account numbers, or passwords become public, then you are at risk for identity theft and consequent financial loss.

The best protection against identity theft is to engage in financial transactions in person. But nobody wants to be that limited; we like to make purchases online, do our banking online, and engage in similar financial activities with convenience. To minimize the risk, follow two simple rules:

  • Deal only with sites you contact first, not with those that approach you by e-mail or in other ways.
  • Deal only with sites that have a "secure server," which encrypts your financial information for transmission over the Internet. A site with a secure server will typically say so prominently before asking for information, such as credit card numbers.

A very common method for getting your personal information on the Internet is called "phishing." The thief sends you an e-mail that purports to be from a website you do business with—say, Amazon or your online bank. The e-mail may contain the official logo and in other ways appear to be legitimate. It will ask you to click on a link to update your information. The link may appear to be legitimate; for example, the following link appears to point to Amazon: http://www.amazon.com/info_update. But if you hover your cursor over it in the web version of this article, you’ll see that it actually points to a completely different website, which is not related to Amazon, and could be literally anywhere in the world. If you enter your financial information there, it will be collected by the thief and used to break into your accounts. Even more deceptive is a link that points to a numeric IP address rather than a typical domain name, such as this one: http://www.amazon.com/info_update, or one that uses a so-called "loopback" address: http://www.amazon.com/info_update (again, hover to see the underlying addresses). There are ways to find out where an IP address is actually poining,6 but in such a case it is almost certain to be pernicious.

False Information

One of the great benefits of the Internet is that it has allowed anyone, even someone without a lot of money, to become a publisher. The downside of this is that anyone can become a publisher—and thus the quality of what is published drops substantially. Any crazy idea can be posted on the Internet, and there are typically no factcheckers. On balance, this is a good thing; the reader can take responsibility for what he chooses to believe. But many users naïvely believe whatever they find. Urban legends are everywhere on the Internet, and they can be harmless, merely an irritation, or quite dangerous.

There are numerous examples of urban legends being circulated on the internet. One of the classics is the "Craig Shergold" story. There’s a child dying in the hospital, see, and he wants to get as many get-well cards as he can before he dies. So please send him one at this address. Interestingly, this story is not false; it’s just outdated. There was a Craig Shergold, and he was in a hospital in England, but he’s all better now, thank you, and the hospital still has to hire extra people to handle all those get-well cards.

A simple policy will solve the problem: when you get an e-mail with an interesting story, even from a friend, don’t pass it on until you’ve checked it out. The standard place to check it out is http://www.snopes.com/, which maintains a database of urban legends that is quite well maintained. See the Craig Shergold story there at http://www.snopes.com/inboxer/children/shergold.htm.

Incidentally, one of the most common types of urban legends is false warnings about viruses. Ironically, well-meaning users pass the stories around via e-mail to all of their friends, and in so doing they duplicate the function of the very viruses they’re so worried about. The two major publishers of antivirus software, Symantec (http://www.symantec.com/avcenter/hoax.html) and McAfee (http://us.mcafee.com/virusInfo/default.asp?id=hoaxes), maintain libraries of virus hoaxes where users can easily check out a story before forwarding it.

1This line is credited to Stewart Brand, Internet pioneer, evolutionist, environmentalist, counterculture advocate, and creator of the Whole Earth Catalog. The line occurs in his book The Media Lab: Inventing the Future at MIT (1987). The complete context clarifies his meaning: "Information wants to be free. Information also wants to be expensive. Information wants to be free because it has become so cheap to distribute, copy, and recombine—too cheap to meter. It wants to be expensive because it can be immeasurably valuable to the recipient. That tension will not go away. It leads to endless wrenching debate about price, copyright, ‘intellectual property,’ the moral rightness of casual distribution, because each round of new devices makes the tension worse, not better."

2 For a discussion of the technical difference among these terms, see http://www.microsoft.com/athome/security/viruses/intro_viruses_what.mspx.

3The word actually has respectable roots, but it has lost that connotation in current usage. See one discussion of the issue at http://netsecurity.about.com/b/a/076701.htm.

4This line originated with a cartoon in the New Yorker: http://cartoonbank.com/product_details.asp?mscssid=1EP4AW5LEH4D8MS66LH08E3QQ338C1P2&sitetype=1&sid=22230&did=4.

5In Windows XP, for example, the cookies are stored at c:\Documents and Settings\[login-name]\cookies\, where [login-name] is the name the computer user has been assigned. The default is "Default User."

6See http://www.internic.net/whois.html.

Dan Olinger teaches in the Seminary and Graduate School of Religion at Bob Jones University.